Lucene search
K

876 matches found

Snyk
Snyk
added 2026/04/03 9:50 p.m.3 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the undopxr24impl function. An attacker can access sensitive heap memory contents by submitting a specially crafted EXR file that triggers the decoder to read uninitialized memory and include it in the...

8.7CVSS5.9AI score0.00482EPSS
Exploits1References2
Redos
Redos
added 2026/04/01 12:0 a.m.9 views

ROS-20260401-73-0025

A vulnerability in the pngsetquantize function of the libpng PNG raster graphics library is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially generated PNG file...

8.3CVSS6.5AI score0.00955EPSS
Exploits1
Redos
Redos
added 2026/04/01 12:0 a.m.6 views

ROS-20260401-73-0013

A vulnerability in the pngimagefinishread function of the pngimagefinishread library for handling bitmap graphics in the PNG libpng format is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by loading a...

7.1CVSS6.3AI score0.00224EPSS
Exploits4
EUVD
EUVD
added 2026/03/24 3:30 p.m.6 views

EUVD-2026-14901

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 2:42 p.m.125 views

CVE-2026-4775

The CVE-2026-4775 entry concerns the libtiff library. A signed integer overflow in putcontig8bitYCbCr44tile can be triggered by a specially crafted TIFF file, leading to an out-of-bounds heap write. Documented impact includes denial of service (crash) or arbitrary code execution. Affected details...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References31Affected Software4
CVE
CVE
added 2026/03/23 12:0 a.m.15 views

CVE-2026-30006

XnSoft NConvert 7.230 is affected by a vulnerability described as a Stack Buffer Overrun triggered by a crafted TIFF file. The issue relates to parsing TIFF data and can impact availability. The provided documents identify the affected product and the file type but do not disclose the exact root-...

6.2CVSS5.8AI score0.00158EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.10 views

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution RCE vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

7.2CVSS7.6AI score0.02087EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.5 views

CVE-2022-26302

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file...

7.8CVSS7.8AI score0.00855EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.7 views

CVE-2022-27821

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file...

5.5CVSS6.7AI score0.00267EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/23 9:41 p.m.1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via genericunpack. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted EXR file that exploits improper validation of user-supplied data, leading to a heap-based...

7.8CVSS8.3AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/23 9:41 p.m.4 views

Heap-based Buffer Overflow

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Heap-based Buffer Overflow via genericunpack. An attacker can achieve arbitrary code execution by tricking a user into opening a specially crafted EXR file that exploits...

7.8CVSS8.2AI score0.00158EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/18 4:15 p.m.4 views

CVE-2025-68469

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

5.1CVSS5.9AI score0.00178EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/18 3:36 p.m.2 views

CVE-2025-68469 ImageMagick vulnerable to heap-buffer-overflow

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

5.1CVSS6.3AI score0.00178EPSS
Exploits1References1
CVE
CVE
added 2025/12/18 3:36 p.m.482 views

CVE-2025-68469

CVE-2025-68469 affects ImageMagick prior to 7.1.1-14, where processing a specially crafted TIFF file causes a crash. The issue is fixed in 7.1.1-14. For administrators, remediation is to upgrade ImageMagick to 7.1.1-14 or later (per the initial description and connected advisories referencing the...

5.1CVSS6.3AI score0.00178EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/12/18 3:36 p.m.4 views

EUVD-2025-204303

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

5.1CVSS6.2AI score0.00178EPSS
Exploits1References1
OSV
OSV
added 2025/11/25 10:18 p.m.5 views

JLSEC-2025-262 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a c...

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045...

6.5CVSS6.6AI score0.01478EPSS
Exploits1References16
OSV
OSV
added 2025/11/25 10:18 p.m.8 views

JLSEC-2025-298 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to...

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127...

6.8CVSS8.2AI score0.00435EPSS
Exploits1References16
OSV
OSV
added 2025/11/25 10:18 p.m.4 views

JLSEC-2025-263 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3....

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1CVSS6.9AI score0.01542EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-11679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is...

5.9CVSS5.9AI score0.00356EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/10/13 1:20 a.m.7 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

8.8CVSS7.6AI score0.00739EPSS
Exploits0References8
Rows per page
Query Builder